rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- apply fixes from Tom Yu for MITKRB5-SA-2006-002 (CVE-2006-6143) (#218456)

Browse Source 
- apply fixes from Tom Yu for MITKRB5-SA-2006-003 (CVE-2006-6144) (#218456)
    Related: #218456
This commit is contained in:
Nalin Dahyabhai 2007-01-09 19:31:40 +00:00
parent 3ffdc43878
commit a9e6df4ffc
3 changed files with 1939 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
2006-002-patch.txt Normal file
View File

@ -0,0 +1,27 @@
Index: src/lib/rpc/svc.c
===================================================================
*** src/lib/rpc/svc.c (revision 18864)
--- src/lib/rpc/svc.c (working copy)
***************
*** 437,442 ****
--- 437,444 ----
#endif
}
+ extern struct svc_auth_ops svc_auth_gss_ops;
+
static void
svc_do_xprt(SVCXPRT *xprt)
{
***************
*** 518,523 ****
--- 520,528 ----
if ((stat = SVC_STAT(xprt)) == XPRT_DIED){
SVC_DESTROY(xprt);
break;
+ } else if ((xprt->xp_auth != NULL) &&
+ (xprt->xp_auth->svc_ah_ops != &svc_auth_gss_ops)) {
+ xprt->xp_auth = NULL;
}
} while (stat == XPRT_MOREREQS);

1903
2006-003-patch.txt Normal file
View File

File diff suppressed because it is too large Load Diff

10
krb5.spec
View File

@ -10,7 +10,7 @@
Summary: The Kerberos network authentication system. Summary: The Kerberos network authentication system.
Name: krb5 Name: krb5
Version: 1.5 Version: 1.5
Release: 11 Release: 15
# Maybe we should explode from the now-available-to-everybody tarball instead? # Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.5/krb5-1.5-signed.tar # http://web.mit.edu/kerberos/dist/krb5/1.5/krb5-1.5-signed.tar
Source0: krb5-%{version}.tar.gz Source0: krb5-%{version}.tar.gz
@ -67,6 +67,8 @@ Patch41: krb5-1.2.7-login-lpass.patch
Patch44: krb5-1.4.3-enospc.patch Patch44: krb5-1.4.3-enospc.patch
Patch45: krb5-1.5-gssinit.patch Patch45: krb5-1.5-gssinit.patch
Patch46: http://web.mit.edu/kerberos/advisories/2006-001-patch_1.5.txt Patch46: http://web.mit.edu/kerberos/advisories/2006-001-patch_1.5.txt
Patch47: http://web.mit.edu/kerberos/advisories/2006-002-patch.txt
Patch48: http://web.mit.edu/kerberos/advisories/2006-003-patch.txt
License: MIT, freely distributable. License: MIT, freely distributable.
URL: http://web.mit.edu/kerberos/www/ URL: http://web.mit.edu/kerberos/www/
@ -133,6 +135,10 @@ network uses Kerberos, this package should be installed on every
workstation. workstation.
%changelog %changelog
* Tue Jan 9 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.5-15
- apply fixes from Tom Yu for MITKRB5-SA-2006-002 (CVE-2006-6143) (#218456)
- apply fixes from Tom Yu for MITKRB5-SA-2006-003 (CVE-2006-6144) (#218456)
* Mon Oct 23 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.5-11 * Mon Oct 23 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.5-11
- don't bail from the KDC init script if there's no database, it may be in - don't bail from the KDC init script if there's no database, it may be in
a different location than the default (fenlason) a different location than the default (fenlason)
@ -968,6 +974,8 @@ workstation.
pushd src pushd src
%patch46 -p0 -b .2006-001 %patch46 -p0 -b .2006-001
popd popd
%patch47 -p0 -b .2006-002
%patch48 -p0 -b .2006-003
cp src/krb524/README README.krb524 cp src/krb524/README README.krb524
gzip doc/*.ps gzip doc/*.ps
sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex